#!/usr/bin/env python3

import os
import subprocess
import sys
import time
import requests

# Debug output to confirm script is running
print("[TERRAT-WRAPPER] Starting terrat service wrapper script...", flush=True)

TERRAT_API_BASE = 'TERRAT_API_BASE'
GITHUB_API_BASE_URL = 'GITHUB_API_BASE_URL'
REQUIRED_ENV_KEYS = []

def setup_environment():
    custom_ca_cert = os.getenv('CUSTOM_CA_CERT')
    if custom_ca_cert:
        print(f"Installing custom CA certificates... (found {len(custom_ca_cert)} chars)", flush=True)
        try:
            # Run the root-owned certificate installation script
            # The script will handle all the logic for splitting and installing certificates
            result = subprocess.run(['sudo', '-E', '/usr/local/bin/install-ca-cert'],
                                  capture_output=True,
                                  text=True)

            if result.returncode == 0:
                print("Custom CA certificates installed successfully", flush=True)
                if result.stdout:
                    print(result.stdout, flush=True)
            else:
                print("Failed to install custom CA certificates", flush=True)
                if result.stderr:
                    print(f"Error: {result.stderr}", flush=True)
                # Don't fail completely if certificates can't be updated
                print("Attempting to continue without custom certificates...", flush=True)

        except Exception as e:
            print(f"Failed to install certificates: {e}", flush=True)
            print("Attempting to continue without custom certificates...")

        os.environ['CERTS_DIR'] = '/etc/ssl/certs'
    else:
        print("No CUSTOM_CA_CERT environment variable found, skipping certificate installation", flush=True)
    if 'GITHUB_APP_PEM' in os.environ:
        os.environ['GITHUB_APP_PEM'] = os.environ['GITHUB_APP_PEM'].replace('\\n', '\n')
    os.environ['TERRAT_PYTHON_EXEC'] = '/usr/bin/python3'
    os.environ['OCAMLRUNPARAM'] = 'b'
    os.environ['NGINX_STATUS_URI'] = 'http://localhost:8080/nginx_status'
    os.environ['TERRAT_PORT'] = '8180'
    os.environ.setdefault(GITHUB_API_BASE_URL, 'https://api.github.com')
    os.environ.setdefault('INFRACOST_PRICING_API_ENDPOINT', '')
    os.environ.setdefault('SELF_HOSTED_INFRACOST_API_KEY', '')

def assert_required_env_keys():
    missing_keys = [
      k for k in REQUIRED_ENV_KEYS
      if k not in os.environ
    ]

    if missing_keys:
        print('Missing environment variables: {}'.format(' '.join(missing_keys)), flush=True)
        print('Please see https://docs.terrateam.io/self-hosted for what variables are required', flush=True)
        sys.exit(1)

def get_tunnel_hostname(terratunnel_endpoint):
    try:
        response = requests.get(f"{terratunnel_endpoint}/status", timeout=5)
        response.raise_for_status()
        data = response.json()
        if data.get('connected') and data.get('tunnel_hostname'):
            return data['tunnel_hostname']
    except Exception as e:
        print(f"Failed to fetch tunnel hostname: {e}", flush=True)
    return None

def assert_run_mode():
    if not os.environ.get(TERRAT_API_BASE):
        print('TERRAT_API_BASE must be set', flush=True)
        print('Please see https://docs.terrateam.io/self-hosted for more information', flush=True)
        sys.exit(1)

def main():
    print('Starting...', flush=True)

    # Sleep in case we're in a bad runit loop
    time.sleep(3)

    assert_required_env_keys()

    # Try to set TERRAT_API_BASE from terratunnel if not already set
    if not os.environ.get(TERRAT_API_BASE) and os.environ.get('TERRATUNNEL_API_ENDPOINT'):
        print('TERRAT_API_BASE not set, attempting to fetch from terratunnel...', flush=True)
        tunnel_hostname = get_tunnel_hostname(os.environ['TERRATUNNEL_API_ENDPOINT'])
        if tunnel_hostname:
            os.environ[TERRAT_API_BASE] = f"https://{tunnel_hostname}/api"
            print(f"Set TERRAT_API_BASE to: {os.environ[TERRAT_API_BASE]}", flush=True)
        else:
            print("Failed to get tunnel hostname from terratunnel", flush=True)

    assert_run_mode()

    setup_environment()

    # Run db migration
    if os.environ.get('TERRAT_STRACE'):
        subprocess.check_call([
            '/usr/bin/strace',
            '-ff',
            '-o',
            '/tmp/strace-migrate.log',
            '-t',
            '-s',
            '100',
            '-v',
            '/usr/local/bin/terrat',
            'migrate',
            '--verbosity=debug'
        ])
    else:
        subprocess.check_call(['/usr/local/bin/terrat', 'migrate', '--verbosity=debug'])

    # Run server
    if os.environ.get('TERRAT_STRACE'):
        os.execv('/usr/bin/strace',
                 [
                     '/usr/bin/strace',
                     '-ff',
                     '-o',
                     '/tmp/strace.log',
                     '-t',
                     '-s',
                     '100',
                     '-v',
                     '/usr/local/bin/terrat',
                     'server', '--verbosity=debug'
                 ])
    else:
        os.execv('/usr/local/bin/terrat', ['/usr/local/bin/terrat', 'server', '--verbosity=debug'])

if __name__ == '__main__':
    main()
